
Researchers Retrieve Hive Ransomware Master Encryption Key Using Algorithm Flaw

Vlad CONSTANTINESCU

February 21, 2022


Researchers recently announced they deciphered data encrypted with Hive ransomware without using the private key the malware generates to lock the content.

"By analyzing the encryption process of Hive ransomware, we confirmed that vulnerabilities exist by using their own encryption algorithm," according to a paper published by researchers from South Korea's Kookmin University. "We have recovered the master key for generating the file encryption key partially, to enable the decryption of data encrypted by Hive ransomware."

The team identified a flaw in the mechanism the ransomware uses to generate and store its encryption keys. Hive encrypts only parts of each compromised file rather than the whole file, using two keystreams derived from a single master key.

Hive XORs the two keystreams together to produce the encryption keystream, then XORs that keystream into alternate blocks of the file data to produce the encrypted file. The scheme works, but it also lets analysts infer the keystreams, reconstruct the master key, and decrypt the content without the malware's private key.
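The weakness described above comes down to the keystream being the XOR of two slices of one master key: every byte of known plaintext in an encrypted block yields one equation of the form master[a] ^ master[b] = k. The toy model below, an added example written for this article and not the researchers' or Bitdefender's code, shows why that matters for recovery. It assumes a small master key, a 64-byte block size, per-file slice offsets known to the analyst, and a set of sample files whose contents are already known; all of these are constructed assumptions, not Hive's real parameters. It collects the XOR relations in a union-find structure and then decrypts a further file using only those relations, never the master key itself, which is the same idea as recovering the master key partially and still decrypting real data.

```python
"""Toy model: keystream = XOR of two master-key slices, applied to alternate blocks.
Constructed example; sizes, offsets and sample data are assumptions, not Hive's."""
import random
from typing import List, Optional, Tuple

MASTER_LEN = 4096   # toy master-key size (assumption; the real key is far larger)
BLOCK = 64          # toy block size for the alternating encryption (assumption)


def keystream(master: bytes, off1: int, off2: int, length: int) -> bytes:
    """Encryption keystream = slice at off1 XOR slice at off2, wrapping at the end."""
    n = len(master)
    return bytes(master[(off1 + i) % n] ^ master[(off2 + i) % n] for i in range(length))


def encrypted_positions(length: int) -> List[int]:
    """Byte positions in even-numbered blocks; odd-numbered blocks stay in plaintext."""
    return [i for i in range(length) if (i // BLOCK) % 2 == 0]


def xor_alternating(data: bytes, ks: bytes) -> bytes:
    """Encrypt (or decrypt, since XOR is its own inverse) only the even-numbered blocks."""
    out = bytearray(data)
    for i in encrypted_positions(len(data)):
        out[i] ^= ks[i]
    return bytes(out)


class XorRelations:
    """Union-find that stores master[x] ^ master[root(x)] for each master-key position."""
    def __init__(self, n: int) -> None:
        self.parent = list(range(n))
        self.rel = [0] * n          # rel[x] = master[x] ^ master[parent[x]]

    def find(self, x: int) -> Tuple[int, int]:
        """Return (root, master[x] ^ master[root]) with path compression."""
        path = []
        while self.parent[x] != x:
            path.append(x)
            x = self.parent[x]
        acc = 0
        for node in reversed(path):  # nearest-to-root first, accumulating toward root
            acc ^= self.rel[node]
            self.rel[node], self.parent[node] = acc, x
        return x, acc

    def relate(self, a: int, b: int, k: int) -> bool:
        """Record master[a] ^ master[b] == k; False if it contradicts earlier relations."""
        ra, xa = self.find(a)
        rb, xb = self.find(b)
        if ra == rb:
            return (xa ^ xb) == k
        self.parent[ra] = rb
        self.rel[ra] = xa ^ xb ^ k   # master[ra] ^ master[rb] derived from both paths
        return True

    def xor_of(self, a: int, b: int) -> Optional[int]:
        """master[a] ^ master[b] if the two positions are connected, else None."""
        ra, xa = self.find(a)
        rb, xb = self.find(b)
        return xa ^ xb if ra == rb else None


def learn_from_known_plaintext(rels: XorRelations, off1: int, off2: int,
                               plain: bytes, cipher: bytes) -> None:
    """Each known byte in an encrypted block reveals one keystream byte, i.e. one relation."""
    n = len(rels.parent)
    for i in encrypted_positions(len(plain)):
        if not rels.relate((off1 + i) % n, (off2 + i) % n, plain[i] ^ cipher[i]):
            raise ValueError("inconsistent relation: offsets or plaintext are wrong")


def recover_keystream(rels: XorRelations, off1: int, off2: int, length: int) -> List[Optional[int]]:
    """Keystream bytes derivable from relations alone; None where the key is still unknown."""
    n = len(rels.parent)
    return [rels.xor_of((off1 + i) % n, (off2 + i) % n) for i in range(length)]


def demo(seed: int = 7, known_files: int = 60, file_len: int = 512) -> dict:
    """Simulate known sample files, then decrypt a held-out file without the master key."""
    rng = random.Random(seed)
    master = bytes(rng.getrandbits(8) for _ in range(MASTER_LEN))
    rels = XorRelations(MASTER_LEN)
    for _ in range(known_files):  # constructed files whose contents the analyst already has
        off1, off2 = rng.randrange(MASTER_LEN), rng.randrange(MASTER_LEN)
        plain = bytes(rng.getrandbits(8) for _ in range(file_len))
        learn_from_known_plaintext(rels, off1, off2, plain,
                                   xor_alternating(plain, keystream(master, off1, off2, file_len)))
    off1, off2 = rng.randrange(MASTER_LEN), rng.randrange(MASTER_LEN)
    target = bytes(rng.getrandbits(8) for _ in range(file_len))
    cipher = xor_alternating(target, keystream(master, off1, off2, file_len))
    guessed = recover_keystream(rels, off1, off2, file_len)
    true_ks = keystream(master, off1, off2, file_len)
    enc_pos = encrypted_positions(file_len)
    known = [i for i in enc_pos if guessed[i] is not None]
    recovered = bytearray(cipher)
    for i in known:
        recovered[i] ^= guessed[i]
    return {"coverage": len(known) / len(enc_pos),
            "wrong": sum(1 for i in known if guessed[i] != true_ks[i]),
            "bytes_matched": sum(1 for i in range(file_len) if recovered[i] == target[i]),
            "file_len": file_len}


if __name__ == "__main__":
    print(demo())
```

The point to take from the model is that XOR relations pin down master-key bytes relative to one another, so any new file whose two slice positions are already linked through observed files can be decrypted with no knowledge of the absolute key bytes; the share of the held-out file that decrypts grows with the number of known samples, which is why partial master-key recovery still yields usable decryption.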

The research team reportedly devised a reliable method to recover almost all the encryption keys using the flaw. "We recovered 95% of the master key without the attacker's RSA private key and decrypted the actual infected data," according to the group of academics.

Much like other cybercrime groups, Hive runs a Ransomware-as-a-Service (RaaS) operation that deploys various tools, techniques and tactics to attack businesses, exfiltrate and encrypt their data, and demand a ransom in exchange for the decryption key.

The gang also engages in double extortion schemes, where perpetrators threaten to leak exposed sensitive victim data on various websites if their demands are not met. Hive uses various techniques to breach networks, including compromised VPN credentials, phishing emails, and vulnerable RDP servers.
